
Secure Domain II: LDAP Authentifizierung an Microsoft AD

Software-Pakete nachinstallieren

# Installs the extra packages this guide relies on. prosody-modules presumably
# provides the LDAP module selected below as 'ldap2' -- verify after install.
apt install dirmngr prosody-modules

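Benutzer im LDAP für Bind anlegen (der folgende Befehl legt das Konto nicht an, sondern prüft nur, ob es existiert, und gibt dessen DN für bind_dn aus)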

dsquery user -name 'jitsi_ldap'

Prosody konfigurieren

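-- Authentication configuration --
-- Global section: settings read by the 'ldap2' authentication module, followed
-- by the authenticated host and the anonymous guest host.

authentication = 'ldap2' -- Indicate that we want to use LDAP for authentication
ldap = {
    hostname      = '192.168.1.2:389', -- LDAP server location (plain LDAP port)
    -- NOTE(security): with use_tls disabled, the bind password below and the
    -- password of every user who logs in cross the network unencrypted between
    -- Prosody and the directory server. Switch to use_tls = true once the
    -- Prosody host trusts the directory server's certificate; until then keep
    -- this traffic on a trusted network segment.
    use_tls       = false,
    bind_dn       = 'CN=jitsi_ldap,OU=Administration,DC=example,DC=local', -- Bind DN for LDAP authentication (optional if anonymous bind is supported)
    -- Placeholder value. Use a dedicated account that can only read the
    -- directory, and keep this file readable by the Prosody service user only.
    bind_password = 'secret', -- Bind password (optional if anonymous bind is supported)
    user = {
      -- Search base for user lookups; uses the same example domain as bind_dn.
      basedn        = 'DC=example,DC=local',
      -- NOTE(security): the active filter accepts every Person object below
      -- basedn. The commented-out variant limits login to members of one group,
      -- which is the narrower choice when not every directory user should be
      -- able to open conferences.
      -- filter        = '(&(objectClass=Person)(memberof=CN=Videoconference-Users,OU=videoconference,OU=Groups,OU=SUB,DC=EXAMPLE,DC=LOCAL))',
      filter = '(objectClass=Person)',
      usernamefield = 'sAMAccountname', -- attribute matched against the login name
      namefield     = 'cn',             -- attribute used as the display name
    },
}
-- NOTE(security): makes Prosody treat BOSH (HTTP) sessions as encrypted even
-- when the request reached it over plain HTTP. This is only sound when a
-- TLS-terminating reverse proxy sits in front of BOSH and Prosody's HTTP port
-- is not reachable directly; the proxy is not shown on this page -- confirm.
consider_bosh_secure = true;

-- Authenticated host. The name has to match the 'domain' value used in the
-- Jicofo and Jitsi Meet settings further down this page.
VirtualHost "meet.example.net"
        enabled = true -- Host is active; set to false to disable it
        -- authentication = "anonymous"
        authentication = "ldap2"
        -- we need bosh
        modules_enabled = {
            "bosh";
            "pubsub";
            "ping"; -- Enable mod_ping
        }

        -- NOTE(security): allows client connections without TLS. Prefer true
        -- unless a local component needs plaintext -- TODO confirm which one.
        c2s_require_encryption = false
-- Guest host (the 'anonymousdomain' in the Jitsi Meet settings); no directory
-- credentials are checked for connections to this host.
VirtualHost "guest.meet.example.net"
    authentication = "anonymous"
    c2s_require_encryption = false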

Jicofo konfigurieren

# Authentication URL for Jicofo: XMPP authentication against the main,
# LDAP-backed host configured in Prosody above.
org.jitsi.jicofo.auth.URL=XMPP:meet.example.net
# NOTE(security): "always trust" mode -- as the name indicates, certificates are
# accepted without validation, so the identity of the XMPP server is not checked.
# Acceptable only while the connection stays on the local host; otherwise import
# the server certificate into the Java trust store and remove this line.
net.java.sip.communicator.service.gui.ALWAYS_TRUST_MODE_ENABLED=true

Jitsi Meet konfigurieren

        // XMPP domain.
        domain: 'meet.example.net',

        // When using authentication, domain for guest users.
        anonymousdomain: 'guest.meet.example.net',